Defending against cellphone spying

  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in please checkout the “Tips & Tricks” page for some very handy tips!

    /Steve.
  • BootAble – FreeDOS boot testing freeware

    To obtain direct, low-level access to a system's mass storage drives, SpinRite runs under a GRC-customized version of FreeDOS which has been modified to add compatibility with all file systems. In order to run SpinRite it must first be possible to boot FreeDOS.

    GRC's “BootAble” freeware allows anyone to easily create BIOS-bootable media in order to workout and confirm the details of getting a machine to boot FreeDOS through a BIOS. Once the means of doing that has been determined, the media created by SpinRite can be booted and run in the same way.

    The participants here, who have taken the time to share their knowledge and experience, their successes and some frustrations with booting their computers into FreeDOS, have created a valuable knowledgebase which will benefit everyone who follows.

    You may click on the image to the right to obtain your own copy of BootAble. Then use the knowledge and experience documented here to boot your computer(s) into FreeDOS. And please do not hesitate to ask questions – nowhere else can better answers be found.

    (You may permanently close this reminder with the 'X' in the upper right.)

MichaelRSorg

Well-known member
Nov 1, 2020
114
19
routersecurity.org
There are some defensive strategies that were left out of this week's podcast (A spy in our pocket).

On Android, DNS can be used to limit the computers the phone can contact. Android 9, 10 and 11 have a feature called Private DNS that sets up an encrypted DNS server that is used system-wide. If you use this in conjunction with a Nextdns.io account (they are free), then you can use the NextDNS logging feature to see every DNS request made by the Android device. Then, you can use the black list feature of NextDNS to prevent access to specific domains and sub-domains. Older versions of Android can use the Google/Jigsaw Intra app to get access to encrypted DNS.

The elephant in the room, to me at least, is simply to turn things off.

When not using Wi-Fi, turn it off.
When not using Bluetooth, turn if off.
When not using 4G/LTE turn it off.
When you don't need location information, turn it off.
Even with them all off, you can still get phone calls and text messages.

Each is a hassle, but every increase in security requires a bit of a hassle. Always has, always will.
 
When not using 4G/LTE turn it off.
And then you can't receive a phone call or SMS... which was your entire point of having a "phone" to begin with. Not to mention if an emergency happens, now you can't dial 911 quickly and neither can your phone on your behalf (with fall and/or crash detection features.)

Even with them all off, you can still get phone calls and text messages.

What is the black magic of which you speak?? Perhaps you think that 2G or 3G is still available to everyone even if 4G/5G is disabled?? It is not the case.
 
I've never had this work this way, but perhaps things work differently in different markets. In any case if you can make a call, your phone is still pinging the towers... which means both the phone and the towers know your location within certain limits.
 
In the US, I have used two of the 4 cellphone companies and each was able to send/receive calls and texts with the 4G/LTE data turned off. Whether that is always the case for all countries and all companies, I do not know.

Yes, with Bluetooth, 4G, WiFi and location/gps disabled, the phone does still interact with cell towers and thus provide a coarse location. That is the cost of being able to receive a phone call.
 
Well, with 4G you do have a separate voice data path, which uses the exact same systems as data, just it is split out by the tower from the bulk data, and processed as high priority data internal to the cell provider. Thus you can disable data, though you will find that the data channel still has data use from handshaking and the phone internal systems interacting for call setup. The SMS functions now no longer use a separate messaging channel, now only a prefix in the data stream instead.

Thus you can disable data, but still have voice, used very commonly in markets with data being billed separately from calls, and where you can get capped data wise and still have the ability to do calls. You can even set up specific DNS routings, and thus have things like separate data streams for services like Whatsapp, Facebook and Youtube, and even more specific routing so that you can say only have the educational sytem data be available, along with the provider website only. This is so you can allow "top up" data purchases from the phone, or to lock a SIM to a school or educational system intranet only, and not allow any other data use unless it is paid for.

Commonly used here from the one provider to provide "free Whatsapp", though they did limit the video and calling features after a while, as this was killing the actual purchase of voice minutes, with people only paying the minimum monthly fee (50c US) that you needed to have this feature, while they were losing massively on the data use.